Researchers found forged Android ad blocker that serves ads to users

Recently, researchers at Malwarebytes have discovered a malicious ad blocker for Android users. The app is disguised as ad-blocking software, but its essence is a malware that spreads ads. Mainly targeted at users in the United States, France, and Germany.

It is understood that after the software is installed, it will start to request various permissions from the user. The user is then induced to agree to connect to the VPN, and then malware is executed in the background.

Image: Malwarebytes

In addition, the application is stealthy. The user can only see the small key icon in the status bar, and there will be a blank notification bar on the screen that cannot be detected. If the user happens to press this blank notification, it will be allowed to install more malware. With its features and permissions, this software generates a large number of ads frequently and presents them in many forms.

The researchers also found the malware to have a high infection rate. According to VirusTotal, the app is primarily distributed through third-party app stores. In some cases, it can also be disguised as a movie application. The researchers said that although the app became invisible after installation, users may notice the existence of the app in the app settings. Therefore, the user can choose to uninstall it directly.